๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
@cibsecurity
25.9K subscribers
89.2K links
๐Ÿ—ž The finest daily news on cybersecurity and privacy.

๐Ÿ”” Daily releases.

๐Ÿ’ป Is your online life secure?

๐Ÿ“ฉ lalilolalo.dev@gmail.com
Download Telegram
About
Blog
Apps
Platform
Join
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
25.9K subscribers
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-2065 โ€ผ

Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass.This issue affects Cargo Tracking System: before 3558f28 .

๐Ÿ“– Read

via "National Vulnerability Database".
397 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks ๐Ÿ•ด

Researchers say the Iranian nation-state actor known as Tortoiseshell could be behind the attacks.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
Israeli Shipping, Logistics Companies Targeted in Watering Hole Attacks
Researchers say the Iranian nation-state actor known as Tortoiseshell could be behind the attacks.
389 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด How Universities Can Bridge Cybersecurity's Gender Gap ๐Ÿ•ด

It's time to invest in initiatives that engage young women in cybersecurity early and often.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
How Universities Can Bridge Cybersecurity's Gender Gap
It's time to invest in initiatives that engage young women in cybersecurity early and often.
395 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โš  PyPI open-source code repository deals with manic malware maelstrom โš 

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future...

๐Ÿ“– Read

via "Naked Security".
Sophos News
Naked Security โ€“ Sophos News
331 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
๐Ÿ•ด OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps ๐Ÿ•ด

A cybersecurity vulnerability found in an implementation of the social login functionality opens the door to account takeovers and more.

๐Ÿ“– Read

via "Dark Reading".
Dark Reading
OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps
A cybersecurity vulnerability found in an implementation of the social login functionality opens the door to account takeovers and more.
319 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โš  Ransomware tales: The MitM attack that really had a Man in the Middle โš 

Another traitorous insider, busted by system logs that gave his game away.

๐Ÿ“– Read

via "Naked Security".
Naked Security
Ransomware tales: The MitM attack that really had a Man in the Middle
Another traitorous sysadmin story, this one busted by system logs that gave his game awayโ€ฆ
283 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-46816 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin <=ร‚ 1.1.4 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
254 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47447 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <=ร‚ 3.3.8 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
249 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47446 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps รขโ‚ฌโ€œ LotsOfLocales plugin <=ร‚ 3.98.7 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
241 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47180 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <=ร‚ 1.3.5 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
234 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-46794 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <=ร‚ 5.4.1 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
223 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-25028 โ€ผ

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin <=ร‚ 1.0.1 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
216 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-1174 โ€ผ

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.

๐Ÿ“– Read

via "National Vulnerability Database".
212 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33944 โ€ผ

Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.

๐Ÿ“– Read

via "National Vulnerability Database".
215 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33947 โ€ผ

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition.

๐Ÿ“– Read

via "National Vulnerability Database".
218 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2021-25748 โ€ผ

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

๐Ÿ“– Read

via "National Vulnerability Database".
224 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33946 โ€ผ

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.

๐Ÿ“– Read

via "National Vulnerability Database".
224 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2022-47152 โ€ผ

Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFunnels plugin <=ร‚ 3.1.1 versions.

๐Ÿ“– Read

via "National Vulnerability Database".
218 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33945 โ€ผ

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded.

๐Ÿ“– Read

via "National Vulnerability Database".
229 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-33948 โ€ผ

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.

๐Ÿ“– Read

via "National Vulnerability Database".
235 views
๐Ÿ›ก Cybersecurity & Privacy ๐Ÿ›ก - News
โ€ผ CVE-2023-1944 โ€ผ

This vulnerability enables ssh access to minikube container using a default password.

๐Ÿ“– Read

via "National Vulnerability Database".
237 views